From dc2ff7fb755f6bb08778497521baa494230f60fe Mon Sep 17 00:00:00 2001
From: Birkhoff
Date: Wed, 25 Jul 2018 17:17:17 -0400
Subject: [PATCH] Install easy-rsa instead of downloading tarball from GitHub
---
 openvpn-install.sh | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 0ac54d3..b217a38 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -147,9 +147,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
 fi
 if [[ "$OS" = 'debian' ]]; then
- apt remove --purge openvpn stunnel4 -y
+ apt remove --purge openvpn stunnel4 easy-rsa -y
 else
- yum remove openvpn stunnel4 -y
+ yum remove openvpn stunnel4 easy-rsa -y
 fi
 rm -rf /etc/openvpn /etc/stunnel
 rm -f /etc/sysctl.d/30-openvpn-forward.conf
@@ -238,28 +238,21 @@ else
 if [[ "$OS" = 'debian' ]]; then
 apt update
 apt dist-upgrade -y
- apt install openvpn iptables openssl ca-certificates stunnel4 -y
+ apt install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
 else
 # Else, the distro is CentOS
 yum install epel-release -y
- yum install openvpn iptables openssl ca-certificates stunnel4 -y
+ yum install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
 fi
- # Get easy-rsa
- EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'
- wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
- tar xzf ~/easyrsa.tgz -C ~/
- mv ~/EasyRSA-3.0.4/ /etc/openvpn/
- mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
- chown -R root:root /etc/openvpn/easy-rsa/
- rm -f ~/easyrsa.tgz
+ mkdir /etc/openvpn/easy-rsa/
 cd /etc/openvpn/easy-rsa/
 # Create the PKI, set up the CA, the DH params and the server + client certificates
- ./easyrsa init-pki
- ./easyrsa --batch build-ca nopass
- ./easyrsa gen-dh
- ./easyrsa build-server-full server nopass
- ./easyrsa build-client-full $CLIENT nopass
- EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
+ easyrsa init-pki
+ easyrsa --batch build-ca nopass
+ easyrsa gen-dh
+ easyrsa build-server-full server nopass
+ easyrsa build-client-full $CLIENT nopass
+ EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
 # Move the stuff we need
 csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
 rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
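Review bot: The bare `easyrsa` calls added in this hunk assume the distro package puts the script on PATH, and nothing checks that before `init-pki`; the Debian and EPEL easy-rsa packages I know of install it under /usr/share/easy-rsa/ rather than a bin directory, so this needs confirming on every supported release. The new `mkdir /etc/openvpn/easy-rsa/` fails if the directory is left over from an earlier run, and the following `cd` is unchecked, so if either step fails the PKI, including the `nopass` CA key, is written into whatever directory the script is running from (no `set -e` is visible in the hunk). I would write `mkdir -p -m 700 /etc/openvpn/easy-rsa/` and `cd /etc/openvpn/easy-rsa/ || exit 1`, preceded by `command -v easyrsa >/dev/null || { echo 'easyrsa not found in PATH' >&2; exit 1; }`. The tool is also no longer pinned to 3.0.4, so a release whose package is still EasyRSA 2.x would not accept these subcommands, and `$CLIENT` on the `build-client-full` line should be quoted if it comes from user input. The enclosing `else` branch starts and ends outside the hunk.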